
Troubleshooting DNS – dig tracing

This tip helps you troubleshoot DNS issues by querying name servers directly, using only their IP addresses. When you run a client resolution tool such as dig or nslookup, it sends its query to the recursive resolver configured on your host. If that resolver (or any other caching resolver between you and the zone) still holds a copy of the record whose TTL has not expired, you get the cached copy rather than what the authoritative name servers currently serve; only the authoritative name servers answer without a cache. That is why ‘dig +trace’ is so useful when troubleshooting DNS: it starts at the root name servers and follows the delegation chain all the way down to the authoritative name servers, so the records you see come straight from the source.

Here is a tool similar to “dig +trace”. It queries the root name servers, whose IP addresses are hard-coded in the script, and follows the delegation to the authoritative name servers of each subdomain by querying the name servers’ registered IP addresses directly. For instance, if you use it to query “www.example.com”, it picks a root name server at random and asks it for the name; the root answers with a referral listing the name servers for the “.com” zone. Once it has the IP addresses of the “.com” servers, it queries them for the authoritative name servers of “example.com.” and repeats the same step for “www.example.com.”. At no point does it consult a cache or a recursive resolver, and it never needs to resolve a name server’s host name through one: it takes the IP addresses (the glue records) of the authoritative name servers from each referral and queries those addresses directly.
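The referral-following loop described above, written out as an added example for this page; it is not the original script. It starts at a random root server, follows NS referrals using the glue addresses in each response, and never sends a query to the host's recursive resolver. One caveat the prose glosses over is handled explicitly: when a zone is delegated to name servers outside its own bailiwick (example.com served by ns1.example.net), the referral carries no glue, so the tool has to trace the name server's own address from the root before it can continue. The transport is pluggable: `FakeTransport` is a constructed, offline delegation chain using RFC 5737 documentation addresses (not real servers), and `udp_transport` sends real non-recursive queries and assumes the `dnspython` package is installed.

```python
"""Cache-free, "dig +trace"-style iterative resolution (added example)."""
import random

# IANA root hints, hard-coded as the post describes.  Re-check against
# https://www.internic.net/domain/named.root before relying on them.
ROOT_SERVER_IPS = [
    "198.41.0.4", "199.9.14.201", "192.33.4.12", "199.7.91.13", "192.203.230.10",
    "192.5.5.241", "192.112.36.4", "198.97.190.53", "192.36.148.17", "192.58.128.30",
    "193.0.14.129", "199.7.83.42", "202.12.27.33",
]
MAX_HOPS = 16        # guard against referral loops
MAX_GLUE_DEPTH = 4   # guard against NS names whose glue needs glue needs glue ...

def _fqdn(name):
    return name.rstrip(".").lower() + "."

def trace(name, send_query, rtype="A", _depth=0, _log=None):
    """Resolve `name` iteratively from the root, never via a recursive resolver.

    send_query(ip, name, rtype) -> {"answer": [...], "authority": [...],
    "additional": [...]} with (owner, rtype, rdata) text tuples, absolute names.
    Returns (rdata_list, log); log holds every (server_ip, qname, qtype) sent.
    """
    if _depth > MAX_GLUE_DEPTH:
        raise LookupError("glue resolution nested too deeply for %s" % name)
    name = _fqdn(name)
    log = [] if _log is None else _log
    servers = list(ROOT_SERVER_IPS)
    for _ in range(MAX_HOPS):
        ip = random.choice(servers)                 # random root / random NS, like the post
        resp = send_query(ip, name, rtype)
        log.append((ip, name, rtype))
        answer = [rd for owner, rt, rd in resp["answer"] if owner == name and rt == rtype]
        if answer:
            return answer, log
        cname = [rd for owner, rt, rd in resp["answer"] if owner == name and rt == "CNAME"]
        if cname:                                   # dig +trace stops here; we follow the alias
            return trace(cname[0], send_query, rtype, _depth, log)
        ns_names = [rd for _o, rt, rd in resp["authority"] if rt == "NS"]
        if not ns_names:
            return [], log                          # authoritative NXDOMAIN / NODATA
        glue = [rd for owner, rt, rd in resp["additional"]
                if rt == "A" and owner in ns_names]
        if not glue:
            # Out-of-bailiwick NS names come without glue: trace one from the root first.
            for ns in ns_names:
                glue, log = trace(ns, send_query, "A", _depth + 1, log)
                if glue:
                    break
            if not glue:
                raise LookupError("no address found for any of %s" % ns_names)
        servers = glue
    raise LookupError("referral chain for %s exceeded %d hops" % (name, MAX_HOPS))

class FakeTransport:
    """Constructed offline delegation chain (RFC 5737 addresses, not real servers).
    example.com is delegated to ns1.example.net WITHOUT glue on purpose."""
    ZONES = {
        ".":            {"deleg": {"com.": [("a.gtld.test.", "192.0.2.1")],
                                   "net.": [("a.nettld.test.", "192.0.2.2")]}, "rr": {}},
        "com.":         {"deleg": {"example.com.": [("ns1.example.net.", None)]}, "rr": {}},
        "net.":         {"deleg": {"example.net.": [("a.ns.example.net.", "198.51.100.1")]},
                         "rr": {}},
        "example.net.": {"deleg": {}, "rr": {("ns1.example.net.", "A"): ["203.0.113.53"]}},
        "example.com.": {"deleg": {}, "rr": {("www.example.com.", "A"): ["203.0.113.80"]}},
    }
    SERVERS = {ip: "." for ip in ROOT_SERVER_IPS}
    SERVERS.update({"192.0.2.1": "com.", "192.0.2.2": "net.",
                    "198.51.100.1": "example.net.", "203.0.113.53": "example.com."})

    def __call__(self, ip, name, rtype):
        zone = self.ZONES[self.SERVERS[ip]]
        if (name, rtype) in zone["rr"]:             # we are authoritative: answer section
            return {"answer": [(name, rtype, rd) for rd in zone["rr"][(name, rtype)]],
                    "authority": [], "additional": []}
        children = [c for c in zone["deleg"] if name == c or name.endswith("." + c)]
        if not children:
            return {"answer": [], "authority": [], "additional": []}
        nss = zone["deleg"][max(children, key=len)]  # referral: NS in authority, glue in additional
        return {"answer": [],
                "authority": [(max(children, key=len), "NS", ns) for ns, _ in nss],
                "additional": [(ns, "A", a) for ns, a in nss if a]}

def udp_transport(ip, name, rtype, timeout=3.0):
    """Real transport (assumes dnspython): one non-recursive UDP query straight
    to `ip`, the equivalent of `dig +norecurse @ip name`."""
    import dns.flags, dns.message, dns.query, dns.rdatatype
    q = dns.message.make_query(name, rtype)
    q.flags &= ~dns.flags.RD          # never ask anyone to recurse or serve from cache
    r = dns.query.udp(q, ip, timeout=timeout)
    def flat(section):
        return [(rrset.name.to_text(), dns.rdatatype.to_text(rrset.rdtype), rr.to_text())
                for rrset in section for rr in rrset]
    return {"answer": flat(r.answer), "authority": flat(r.authority),
            "additional": flat(r.additional)}

if __name__ == "__main__":
    import sys
    addrs, log = trace(sys.argv[1] if len(sys.argv) > 1 else "www.example.com", udp_transport)
    for ip, qname, qtype in log:
        print("%-16s %s %s" % (ip, qtype, qname))
    print("answer:", ", ".join(addrs) or "(no record)")
```

Running it against the real Internet prints one line per query sent, which is the same view `dig +trace` gives you, plus the detour it takes to resolve a glue-less name server. Two limitations worth knowing before using it in anger: it only consumes A glue (an IPv6-only name server will look like "no glue"), and it does not retry over TCP when a response comes back truncated, which large referrals can trigger.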